Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-40994

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-15 Oct, 2021 | 14:07
Updated At-04 Aug, 2024 | 02:59
Rejected At-
Credits

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:15 Oct, 2021 | 14:07
Updated At:04 Aug, 2024 | 02:59
Rejected At:
ā–¼CVE Numbering Authority (CNA)

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Affected Products
Vendor
n/a
Product
Aruba ClearPass Policy Manager
Versions
Affected
  • ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1
Problem Types
TypeCWE IDDescription
textN/Aremote arbitrary command execution
Type: text
CWE ID: N/A
Description: remote arbitrary command execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt
x_refsource_MISC
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt
Resource:
x_refsource_MISC
ā–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt
x_refsource_MISC
x_transferred
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:15 Oct, 2021 | 15:15
Updated At:21 Oct, 2021 | 15:13

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches

Aruba Networks
arubanetworks
>>clearpass_policy_manager>>Versions from 6.8.0(inclusive) to 6.8.9(exclusive)
cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>clearpass_policy_manager>>Versions from 6.9.0(inclusive) to 6.9.7(exclusive)
cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>clearpass_policy_manager>>Versions from 6.10.0(inclusive) to 6.10.2(exclusive)
cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>clearpass_policy_manager>>6.8.9
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.9:-:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>clearpass_policy_manager>>6.9.7
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.7:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarynvd@nist.gov
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txtsecurity-alert@hpe.com
Third Party Advisory
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt
Source: security-alert@hpe.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

692Records found

CVE-2024-1356
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.24% / 65.53%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 20:14
Updated-01 Aug, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-ArubaOS Wi-Fi Controllers and Campus/Remote Access Pointsarubaossd-wan
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-44853
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.01% / 59.00%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 18:56
Updated-14 May, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosHPE Aruba Networking Wireless Operating System (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-44854
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.01% / 59.00%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 18:58
Updated-14 May, 2026 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosHPE Aruba Networking Wireless Operating System (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-44865
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.92% / 55.85%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 19:12
Updated-15 May, 2026 | 12:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosHPE Aruba Networking Wireless Operating System (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-44866
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.90% / 55.16%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 19:12
Updated-15 May, 2026 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosHPE Aruba Networking Wireless Operating System (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-44867
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.90% / 55.16%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 19:13
Updated-14 May, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosHPE Aruba Networking Wireless Operating System (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-44868
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.90% / 55.16%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 19:15
Updated-14 May, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosHPE Aruba Networking Wireless Operating System (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-44869
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.90% / 55.16%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 19:15
Updated-14 May, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosHPE Aruba Networking Wireless Operating System (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-44870
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.90% / 55.16%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 19:16
Updated-14 May, 2026 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosHPE Aruba Networking Wireless Operating System (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-44872
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.81% / 52.59%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 19:18
Updated-15 May, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Arbitrary File Upload via Command Injection in AOS-8 AND AOS-10 Web-Based Management Interface

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosHPE Aruba Networking Wireless Operating System (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-44871
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.23% / 65.19%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 21:06
Updated-14 May, 2026 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosHPE Aruba Networking Wireless Operating System (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-35974
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.15% / 63.07%
||
7 Day CHG~0.00%
Published-05 Jul, 2023 | 14:45
Updated-04 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist inĀ the ArubaOS command line interface. Successful exploitationĀ of these vulnerabilities result in the ability to executeĀ arbitrary commands as a privileged user on the underlyingĀ operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-mcr-va-50mcr-va-5ksd-wanmcr-hw-1kmcr-va-500mcr-hw-10kmcr-va-1kmc-va-10mcr-va-10kmc-va-250mc-va-1karubaosmcr-hw-5kmc-va-50Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-35972
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.20% / 64.30%
||
7 Day CHG~0.00%
Published-05 Jul, 2023 | 14:44
Updated-04 Dec, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in ArubaOS Web-based Management Interface

An authenticated remote command injection vulnerabilityĀ exists in the ArubaOS web-based management interface.Ā Successful exploitation of this vulnerability results in theĀ ability to execute arbitrary commands as a privileged userĀ on the underlying operating system. This allows an attackerĀ to fully compromise the underlying operating system on theĀ device running ArubaOS.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-mcr-va-50mcr-va-5ksd-wanmcr-hw-1kmcr-va-500mcr-hw-10kmcr-va-1kmc-va-10mcr-va-10kmc-va-250mc-va-1karubaosmcr-hw-5kmc-va-50Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22788
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.70% / 74.47%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:08
Updated-28 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilitiesĀ exist in the Aruba InstantOS and ArubaOS 10 command lineĀ interface. Successful exploitation of these vulnerabilitiesĀ result in the ability to execute arbitrary commands as aĀ privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-16417
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.35% / 87.19%
||
7 Day CHG~0.00%
Published-30 Oct, 2019 | 16:26
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-w1750d_firmwareinstantw1750dn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-37722
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-3.06% / 85.97%
||
7 Day CHG+0.10%
Published-07 Sep, 2021 | 12:09
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaossd-wanscalance_w1750d_firmwarescalance_w1750dAruba SD-WAN Software and Gateways; Aruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-40986
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.81% / 84.80%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:35
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-40998
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.81% / 84.80%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 14:12
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-40987
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.81% / 84.80%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:33
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-37720
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-3.06% / 85.97%
||
7 Day CHG+0.10%
Published-07 Sep, 2021 | 12:08
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaossd-wanscalance_w1750d_firmwarescalance_w1750dAruba SD-WAN Software and Gateways; Aruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-37724
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-3.06% / 85.97%
||
7 Day CHG+0.10%
Published-07 Sep, 2021 | 12:34
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaosscalance_w1750d_firmwarescalance_w1750dAruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-37723
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-3.06% / 85.97%
||
7 Day CHG+0.10%
Published-07 Sep, 2021 | 12:10
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaosscalance_w1750d_firmwarescalance_w1750dAruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-37718
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-3.06% / 85.97%
||
7 Day CHG+0.10%
Published-07 Sep, 2021 | 12:32
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaossd-wanscalance_w1750d_firmwarescalance_w1750dAruba SD-WAN Software and Gateways; Aruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-37719
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.90% / 85.27%
||
7 Day CHG+0.09%
Published-07 Sep, 2021 | 12:06
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-arubaossd-wanAruba SD-WAN Software and Gateways; Aruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-37739
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.81% / 84.80%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:34
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-35973
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.15% / 63.07%
||
7 Day CHG~0.00%
Published-05 Jul, 2023 | 14:45
Updated-04 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist inĀ the ArubaOS command line interface. Successful exploitationĀ of these vulnerabilities result in the ability to executeĀ arbitrary commands as a privileged user on the underlyingĀ operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-mcr-va-50mcr-va-5ksd-wanmcr-hw-1kmcr-va-500mcr-hw-10kmcr-va-1kmc-va-10mcr-va-10kmc-va-250mc-va-1karubaosmcr-hw-5kmc-va-50Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22759
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.62% / 73.11%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 16:41
Updated-07 Mar, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in ArubaOS Web-based Management Interface

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaossd-wanAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22768
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.48% / 70.80%
||
7 Day CHG-0.06%
Published-28 Feb, 2023 | 16:49
Updated-07 Mar, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-mcr-va-50mcr-va-5k7240xmmcr-va-1k9012703070107205arubaos72109004mcr-hw-1ksd-wan9004-ltemcr-hw-10kmcr-va-500mc-va-10mcr-va-10kmc-va-250mc-va-1k72807220mcr-hw-5kmc-va-50Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22770
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.48% / 70.80%
||
7 Day CHG-0.06%
Published-28 Feb, 2023 | 16:51
Updated-07 Mar, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-mcr-va-50mcr-va-5k7240xmmcr-va-1k9012703070107205arubaos72109004mcr-hw-1ksd-wan9004-ltemcr-hw-10kmcr-va-500mc-va-10mcr-va-10kmc-va-250mc-va-1k72807220mcr-hw-5kmc-va-50Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22747
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.74% / 74.97%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 15:47
Updated-11 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Unauthenticated Command Injections in the PAPI Protocol

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22749
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.74% / 74.97%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 16:05
Updated-07 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Unauthenticated Command Injections in the PAPI Protocol

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22767
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.48% / 70.80%
||
7 Day CHG-0.06%
Published-28 Feb, 2023 | 16:49
Updated-11 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-mc-va-1k7010mcr-va-50mcr-va-5k70307240xmsd-wanmcr-va-10kmcr-va-1k900472809004-ltemc-va-10mcr-hw-5kmcr-hw-1kmc-va-2507220mcr-hw-10karubaos9012mc-va-507205mcr-va-5007210Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22790
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.70% / 74.47%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:08
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilitiesĀ exist in the Aruba InstantOS and ArubaOS 10 command lineĀ interface. Successful exploitation of these vulnerabilitiesĀ result in the ability to execute arbitrary commands as aĀ privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22762
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.48% / 70.80%
||
7 Day CHG-0.06%
Published-28 Feb, 2023 | 16:46
Updated-12 Mar, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-mcr-va-50mcr-va-5k7240xmmcr-va-1k9012703070107205arubaos72109004mcr-hw-1ksd-wan9004-ltemcr-hw-10kmcr-va-500mc-va-10mcr-va-10kmc-va-250mc-va-1k72807220mcr-hw-5kmc-va-50Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22765
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.48% / 70.80%
||
7 Day CHG-0.06%
Published-28 Feb, 2023 | 16:47
Updated-11 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-mc-va-1k7010mcr-va-50mcr-va-5k70307240xmsd-wanmcr-va-10kmcr-va-1k900472809004-ltemc-va-10mcr-hw-5kmcr-hw-1kmc-va-2507220mcr-hw-10karubaos9012mc-va-507205mcr-va-5007210Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22763
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.48% / 70.80%
||
7 Day CHG-0.06%
Published-28 Feb, 2023 | 16:46
Updated-11 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-mc-va-1k7010mcr-va-50mcr-va-5k70307240xmsd-wanmcr-va-10kmcr-va-1k900472809004-ltemc-va-10mcr-hw-5kmcr-hw-1kmc-va-2507220mcr-hw-10karubaos9012mc-va-507205mcr-va-5007210Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22758
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.62% / 73.11%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 16:40
Updated-07 Mar, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in ArubaOS Web-based Management Interface

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaossd-wanAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22750
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.74% / 74.97%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 16:09
Updated-07 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Unauthenticated Command Injections in the PAPI Protocol

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22766
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.48% / 70.80%
||
7 Day CHG-0.06%
Published-28 Feb, 2023 | 16:48
Updated-11 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-mc-va-1k7010mcr-va-50mcr-va-5k70307240xmsd-wanmcr-va-10kmcr-va-1k900472809004-ltemc-va-10mcr-hw-5kmcr-hw-1kmc-va-2507220mcr-hw-10karubaos9012mc-va-507205mcr-va-5007210Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22769
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.48% / 70.80%
||
7 Day CHG-0.06%
Published-28 Feb, 2023 | 16:50
Updated-07 Mar, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-mcr-va-50mcr-va-5k7240xmmcr-va-1k9012703070107205arubaos72109004mcr-hw-1ksd-wan9004-ltemcr-hw-10kmcr-va-500mc-va-10mcr-va-10kmc-va-250mc-va-1k72807220mcr-hw-5kmc-va-50Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22748
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.74% / 74.97%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 15:59
Updated-07 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Unauthenticated Command Injections in the PAPI Protocol

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-sd-wanarubaosAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22760
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.62% / 73.11%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 16:42
Updated-12 Mar, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in ArubaOS Web-based Management Interface

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaossd-wanAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22761
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.62% / 73.11%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 16:42
Updated-07 Mar, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in ArubaOS Web-based Management Interface

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaossd-wanAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22789
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.66% / 73.86%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 14:08
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilitiesĀ exist in the Aruba InstantOS and ArubaOS 10 command lineĀ interface. Successful exploitation of these vulnerabilitiesĀ result in the ability to execute arbitrary commands as aĀ privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-instantosarubaosAruba Access Points running InstantOS and ArubaOS 10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-22764
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.48% / 70.80%
||
7 Day CHG-0.06%
Published-28 Feb, 2023 | 16:47
Updated-11 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Execution in the ArubaOS Command Line Interface

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-mc-va-1k7010mcr-va-50mcr-va-5k70307240xmsd-wanmcr-va-10kmcr-va-1k900472809004-ltemc-va-10mcr-hw-5kmcr-hw-1kmc-va-2507220mcr-hw-10karubaos9012mc-va-507205mcr-va-5007210Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-37162
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.81% / 52.32%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 19:23
Updated-13 Feb, 2026 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution

A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosHPE Aruba Networking 100 Series Cellular Bridge
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-37133
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.27% / 66.37%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 16:54
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Management Interface via the CLI Binaryalong with accounting controls for tracking and logging user activities and resource usage.

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaosArubaOS (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-37138
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.2||MEDIUM
EPSS-0.69% / 48.15%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 16:57
Updated-12 Nov, 2025 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface (Physical Access Required)

An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authenticated malicious actor with physical access to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaosArubaOS (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-37134
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.27% / 66.37%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 16:56
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerability in the Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaosArubaOS (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-37176
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-1.24% / 65.67%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 20:07
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection Vulnerability in an AOS-8 operating system's internal workflow

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaosArubaOS (AOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 13
  • 14
  • Next
Details not found