ByteOS

>>instantos>>Versions from 6.4.0.0(inclusive) to 6.4.4.8-4.2.4.22(exclusive)

>>instantos>>Versions from 6.5.0.0(inclusive) to 6.5.4.25(exclusive)

>>instantos>>Versions from 8.6.0.0(inclusive) to 8.6.0.21(exclusive)

>>instantos>>Versions from 8.10.0.0(inclusive) to 8.10.0.7(exclusive)

>>instantos>>Versions from 8.11.0.0(inclusive) to 8.11.1.1(exclusive)

Weaknesses

CWE ID	Type	Source
CWE-120	Primary	nvd@nist.gov

CWE ID: CWE-120

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt	security-alert@hpe.com	Vendor Advisory

Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt

Source: security-alert@hpe.com

Resource:

Vendor Advisory

Similar CVEs

1154Records found

CVE-2021-39238

Matching Score-10

Assigner-HP Inc.

Product-futuresmart_5 futuresmart_4 futuresmart_3 HP Enterprise LaserJet; HP LaserJet Managed; HP Enterprise PageWide; HP PageWide Managed printers

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-16.20% / 94.55%

7 Day CHG~0.00%

Published-03 Nov, 2021 | 00:06

Updated-04 Aug, 2024 | 02:06

Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.

Vendor-n/a HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2019-6327

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.82% / 73.33%

7 Day CHG~0.00%

Published-17 Jun, 2019 | 15:55

Updated-04 Aug, 2024 | 20:16

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-37716

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.58% / 80.84%

7 Day CHG~0.00%

Published-07 Sep, 2021 | 12:02

Updated-04 Aug, 2024 | 01:23

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Product-arubaos sd-wan scalance_w1750d_firmware scalance_w1750d Aruba SD-WAN Software and Gateways; Aruba Operating System Software

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-37726

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.32% / 79.03%

7 Day CHG~0.00%

Published-12 Oct, 2021 | 14:06

Updated-04 Aug, 2024 | 01:23

A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

Product-aruba_instant scalance_w1750d_firmware scalance_w1750d HPE Aruba Instant (IAP)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37888

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.12% / 77.33%

7 Day CHG~0.00%

Published-06 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37891

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.82% / 73.45%

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Product-arubaos scalance_w1750d_firmware instant scalance_w1750d Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37890

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.82% / 73.45%

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37886

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.30% / 78.89%

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37887

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.30% / 78.89%

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37885

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.30% / 78.89%

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

Product-arubaos scalance_w1750d_firmware instant scalance_w1750d Aruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-25149

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.71% / 71.42%

7 Day CHG~0.00%

Published-29 Mar, 2021 | 23:58

Updated-03 Aug, 2024 | 19:56

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Product-scalance_w1750d_firmware instant scalance_w1750d Aruba Instant Access Points

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-45616

Matching Score-10

Matching Score-10

Product-arubaos instantos Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;

CVSS Score-9.8||CRITICAL

EPSS-0.87% / 74.30%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 22:48

Updated-30 Aug, 2024 | 17:23

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-45614

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.87% / 74.30%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 22:43

Updated-14 Aug, 2024 | 20:35

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-45615

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.87% / 74.30%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 22:44

Updated-30 Aug, 2024 | 17:23

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-28722

Matching Score-10

Assigner-HP Inc.

Product-j9v80a_firmware d3q17a_firmware g5j38a j7k42a j7k42a_firmware j6u51b_firmware j7k40a_firmware k7s40a_firmware j7k40a d9l63a_firmware t0f39a j6u51b t0f29a_firmware d9l63a k7s43a d3q19a j7k38a_firmware y3z46a_firmware d9l64a_firmware t0g46a k7s38a_firmware w1b37a_firmware k7s37a_firmware j7k35a j6u55b p4c78a p4c84a_firmware y3z47a p4c86a p4c82a_firmware j7k37a t0g65a_firmware w1b38a j6x81a_firmware j6x79a_firmware j3p65a j6u55a d3q21a_firmware j3p66a t0f28a j7k33a_firmware t0g46a_firmware m9l70a_firmware j3p67a j7k36a k7s41a w1b39a g5j38a_firmware g5j56a t0g48a_firmware m9l65a_firmware m9l67a t0f39a_firmware j9v82a d3q16a_firmware j3p67a_firmware t0f40a_firmware j6x80a_firmware w1b31a_firmware t0f37a j6u57a y3z57a t0g70a t3p03a_firmware w1b29a_firmware p4c82a j6x79a t0f33a_firmware t0f29a y3z45a_firmware t0f40a t0g48a j6x83a_firmware t0f35a y0s18a t0g49a k7s41a_firmware t0g47a y0s18a_firmware p4c81a j6x81a d3q15a_firmware a7w93a t0g25a j3p68a p4c85a_firmware t0g70a_firmware t0f35a_firmware d9l18a_firmware m9l65a k7s42a j7k37a_firmware j7k39a t0f32a j6x77a w1b33a m9l66a t0f36a k7s39a d3q15a j7k38a d9l21a j6x76a_firmware t0g49a_firmware d3q19a_firmware l3t99a_firmware y0s19a_firmware j7k33a k7s37a j7k34a_firmware a7w93a_firmware y3z45a y0s19a y3z54a k7s32a k7s42a_firmware j6x78a_firmware m9l70a y3z46a m9l67a_firmware j6u55a_firmware d9l21a_firmware t0f31a_firmware j6x77a_firmware t0f34a w1b39a_firmware k9z76a_firmware j3p66a_firmware k7s40a p4c85a j7k36a_firmware y3z57a_firmware j6x80a y3z44a_firmware t0g65a d9l64a y3z44a l3t99a t0f38a t0f28a_firmware k7s39a_firmware j6u55b_firmware d3q17a d3q20a_firmware t0g47a_firmware y3z54a_firmware p4c78a_firmware m9l66a_firmware t1p99a_firmware w1b33a_firmware j7k41a j7k35a_firmware t0g25a_firmware w1b38a_firmware j6x78a d9l20a t1p99a t0f38a_firmware w1b31a t0f34a_firmware j9v80a d9l18a t0f33a w1b37a k7s43a_firmware t0f31a k9z76a t3p03a t0f30a t0f37a_firmware j6x83a t0g26a d9l20a_firmware p4c86a_firmware k7s38a j7k34a j6x76a j3p68a_firmware d3q16a d3q21a w1b29a t0f32a_firmware y3z47a_firmware j6u57a_firmware d3q20a w1b28a_firmware j7k41a_firmware j9v82a_firmware w1b28a j3p65a_firmware g5j56a_firmware k7s32a_firmware t0f30a_firmware j7k39a_firmware p4c81a_firmware t0g26a_firmware p4c84a t0f36a_firmware Certain HP inkjet printers, HP LaserJet Pro printers, HP PageWide Pro printers

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-2.07% / 83.18%

7 Day CHG~0.00%

Published-26 Sep, 2022 | 14:54

Updated-27 May, 2025 | 20:15

Certain HP Print Products are potentially vulnerable to Buffer Overflow.

Vendor-n/a HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-35981

Matching Score-10

Matching Score-10

Product-arubaos instantos Aruba Access Points running InstantOS and ArubaOS 10 arba_access_points_running_instantos_and_arubaos_10

CVSS Score-9.8||CRITICAL

EPSS-1.70% / 81.50%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 18:28

Updated-07 Nov, 2024 | 18:51

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2019-5319

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.74% / 81.72%

7 Day CHG~0.00%

Published-30 Mar, 2021 | 01:45

Updated-04 Aug, 2024 | 19:54

Product-scalance_w1750d_firmware instant scalance_w1750d Aruba Instant Access Points

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-35982

Matching Score-10

Matching Score-10

Product-arubaos instantos Aruba Access Points running InstantOS and ArubaOS 10 arba_access_points_running_instantos_and_arubaos_10

CVSS Score-9.8||CRITICAL

EPSS-0.88% / 74.35%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 18:28

Updated-07 Nov, 2024 | 18:11

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-37889

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.30% / 78.89%

7 Day CHG~0.00%

Published-07 Oct, 2022 | 00:00

Updated-03 Aug, 2024 | 10:37

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-32674

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.64% / 69.54%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 21:40

Updated-03 Jan, 2025 | 19:15

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

Vendor-HP Inc.

Product-pc_hardware_diagnostics HP PC Hardware Diagnostics Windows

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22786

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.88% / 74.35%

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 18:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-27971

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.64% / 69.54%

7 Day CHG~0.00%

Published-28 Apr, 2023 | 15:55

Updated-30 Jan, 2025 | 21:15

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege.

Vendor-HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-27972

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-3.02% / 86.09%

7 Day CHG~0.00%

Published-28 Apr, 2023 | 15:59

Updated-30 Jan, 2025 | 20:15

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.

Vendor-HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22783

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.88% / 74.35%

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 18:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22754

Matching Score-10

Matching Score-10

Product-arubaos sd-wan Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

CVSS Score-8.1||HIGH

EPSS-2.19% / 83.70%

7 Day CHG~0.00%

Published-28 Feb, 2023 | 16:34

Updated-07 Mar, 2025 | 18:11

Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22756

Matching Score-10

Matching Score-10

Product-arubaos sd-wan Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

CVSS Score-8.1||HIGH

EPSS-2.19% / 83.70%

7 Day CHG~0.00%

Published-28 Feb, 2023 | 16:36

Updated-07 Mar, 2025 | 18:10

Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22755

Matching Score-10

Matching Score-10

Product-arubaos sd-wan Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

CVSS Score-8.1||HIGH

EPSS-2.19% / 83.70%

7 Day CHG~0.00%

Published-28 Feb, 2023 | 16:35

Updated-07 Mar, 2025 | 18:10

Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22753

Matching Score-10

Matching Score-10

Product-sd-wan arubaos Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

CVSS Score-8.1||HIGH

EPSS-2.19% / 83.70%

7 Day CHG~0.00%

Published-28 Feb, 2023 | 16:33

Updated-11 Mar, 2025 | 14:15

Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-1329

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-3.02% / 86.09%

7 Day CHG~0.00%

Published-14 Jun, 2023 | 20:23

Updated-31 Dec, 2024 | 20:15

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.

Vendor-HP Inc.

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22784

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.88% / 74.35%

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 18:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22780

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.88% / 74.35%

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-29 Jan, 2025 | 16:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

Product-arubaos instantos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22779

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.88% / 74.35%

7 Day CHG~0.00%

Published-08 May, 2023 | 14:02

Updated-29 Jan, 2025 | 16:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

Product-arubaos instantos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22757

Matching Score-10

Matching Score-10

Product-arubaos sd-wan Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central

CVSS Score-8.1||HIGH

EPSS-2.19% / 83.70%

7 Day CHG~0.00%

Published-28 Feb, 2023 | 16:36

Updated-07 Mar, 2025 | 18:09

Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22785

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.88% / 74.35%

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 18:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22781

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.88% / 74.35%

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 19:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-22782

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-0.88% / 74.35%

7 Day CHG~0.00%

Published-08 May, 2023 | 14:03

Updated-31 Jan, 2025 | 19:15

Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

Product-instantos arubaos Aruba Access Points running InstantOS and ArubaOS 10

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-24633

Matching Score-10

Matching Score-10

CVSS Score-9.8||CRITICAL

EPSS-1.34% / 79.17%

7 Day CHG~0.00%

Published-11 Dec, 2020 | 01:26

Updated-04 Aug, 2024 | 15:19

There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.

Vendor-n/a Aruba Networks

Product-sd-wan 9004-lte 7005 7240xm 9012 7008 7030 7220 7010 7205 7024 7280 arubaos 7210 9004 Aruba 9000 Gateway Aruba 7000 Series Mobility Controllers Aruba 7200 Series Mobility Controllers

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-4143

Matching Score-10

Assigner-HP Inc.

Matching Score-10

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.20% / 42.71%

7 Day CHG-0.28%

Published-15 Jul, 2024 | 21:46

Updated-01 Aug, 2024 | 20:33

Certain HP PC products using AMI BIOS – Buffer Overflow

A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. AMI has released firmware updates to mitigate this vulnerability.

Vendor-HP Inc.

Product-Certain HP PC Products ami_bios

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-42505

Matching Score-8

Matching Score-8

CVSS Score-9.8||CRITICAL

EPSS-1.29% / 78.84%

7 Day CHG~0.00%

Published-24 Sep, 2024 | 18:09

Updated-26 Sep, 2024 | 13:32

Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-Aruba Networks Hewlett Packard Enterprise (HPE)

Product-Aruba OS arubaos

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-42394

Matching Score-8

Matching Score-8

Product-arubaos instantos HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 arubaos aruba_networking_instantos

CVSS Score-9.8||CRITICAL

EPSS-0.43% / 62.00%

7 Day CHG~0.00%

Published-06 Aug, 2024 | 18:57

Updated-12 Aug, 2024 | 18:23

Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-42509

Matching Score-8

Matching Score-8

CVSS Score-9.8||CRITICAL

EPSS-0.65% / 69.97%

7 Day CHG~0.00%

Published-05 Nov, 2024 | 22:34

Updated-09 Nov, 2024 | 04:55

Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendor-Aruba Networks Hewlett Packard Enterprise (HPE)

Product-HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 arubaos instant

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-42395

Matching Score-8

Matching Score-8

CVSS Score-9.8||CRITICAL

EPSS-0.29% / 52.35%

7 Day CHG~0.00%

Published-06 Aug, 2024 | 18:56

Updated-12 Aug, 2024 | 18:23

Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

Product-arubaos instantos HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 instant

CWE ID-CWE-295

Improper Certificate Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-42393

Matching Score-8

Matching Score-8

CVSS Score-9.8||CRITICAL

EPSS-0.53% / 66.29%

7 Day CHG~0.00%

Published-06 Aug, 2024 | 18:58

Updated-12 Aug, 2024 | 18:22

Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol

Vendor-HP Inc.Aruba Networks Hewlett Packard Enterprise (HPE)

Product-arubaos instantos Hpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 instant

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-42507

Matching Score-8

Matching Score-8

CVSS Score-9.8||CRITICAL

EPSS-1.29% / 78.84%

7 Day CHG~0.00%

Published-24 Sep, 2024 | 18:11

Updated-26 Sep, 2024 | 13:32

Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol

Vendor-Aruba Networks Hewlett Packard Enterprise (HPE)

Product-Aruba OS arubaos

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2021-40997

Matching Score-8

Matching Score-8

CVSS Score-9.8||CRITICAL

EPSS-0.71% / 71.27%

7 Day CHG~0.00%

Published-15 Oct, 2021 | 14:11

Updated-04 Aug, 2024 | 02:59

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Vendor-n/a Aruba Networks

Product-clearpass_policy_manager Aruba ClearPass Policy Manager

CVE-2021-40996

Matching Score-8

Matching Score-8

CVSS Score-9.8||CRITICAL

EPSS-0.71% / 71.27%

7 Day CHG~0.00%

Published-15 Oct, 2021 | 14:05

Updated-04 Aug, 2024 | 02:59

Vendor-n/a Aruba Networks

Product-clearpass_policy_manager Aruba ClearPass Policy Manager

CVE-2021-3942

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-4.43% / 88.59%

7 Day CHG~0.00%

Published-22 Nov, 2022 | 23:07

Updated-25 Apr, 2025 | 21:15

Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.

Vendor-HP Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-3919

Matching Score-8

Assigner-HP Inc.

Product-omen_17t-cb000 envy_15t-es100 omen_desktop_p1000-0xx pavilion_gaming_15-ec2xxx spectre_x360_16-f0xxx command_center omen_2s_15-dg0xxx spectre_x360_13-aw0xxx spectre_13t-ak100 pavilion_gaming_tg01-1xxx envy_14t-eb100 envy_15-ep1xxx omen_desktop_30l_gt13-1xxx omen_desktop_25l_gt12-1xxx spectre_x360_14-ea2xxx spectre_13t-aw200 envy_17m-ch1xxx omen_desktop_900-1xx pavilion_gaming_tg01-2xxx omen_15-dc2xxx spectre_x360_15-eb1xxx omen_gaming_desktop_45l_gt22-0xxx envy_all-in-one_34-c0xxx omen_15-dh0xxx omen_15-en0xxx omen_17-cb1xxx pavilion_gaming_15-dk1xxx envy_x360_15-eu0xxx omen_15-dh1xxx pavilion_gaming_15-ec1xxx omen_desktop_25l_gt11-1xxx envy_14-eb1xxx omen_desktop_30l_gt13-0xxx omen_desktop_880-0xx omen_17-an0xx spectre_13t-aw000 omen_15-ce1xx omen_15-dc1xxx victus_gaming_16-d0xxx envy_15t-ep000 envy_x360_13-ay1xxx omen_17-cb0xxx omen_15-en1xxx omen_gaming_16-b0xxx spectre_14t-ea000 omen_gaming_hub omen_obelisk_desktop_875-0xxx envy_15t-ep100 omen_desktop_900-2xx envy_15-ep0xxx omen_desktop_25l_gt12-0xxx spectre_15t-eb000 pavilion_gaming_17-cd1xxx omen_15t-dc200 omen_desktop_880-5xx omen_obelisk_desktop_875-1xxx omen_17t-cb100 envy_13z-ay100 envy_17t-ch000 spectre_folio_13-ak1xxx envy_15t-es000 omen_15-dc0xxx envy_x360_13m-bd1xxx spectre_15t-eb100 omen_15-ce0xx omen_desktop_40l_gt21-0xxx envy_x360_15m-eu0xxx omen_gaming_17-ck0xxx envy_13t-bd100 omen_desktop_873-0xxx envy_17-ch1xxx envy_17-ch0xxx omen_15t-dh000 envy_14-eb0xxx spectre_x360_13-aw2xxx pavilion_17t-cd000 victus_gaming_16-e0xxx envy_x360_15-es0xxx omen_15t-dh100 envy_17t-ch100 envy_17m-ch0xxx omen_desktop_880-1xx omen_15-ek1xxx spectre_x360_15-eb0xxx envy_x360_13-bd1xxx omen_15-ek0xxx pavilion_15t-dk000 zhan_99_g2_mobile_workstation omen_17-an1xx omen_desktop_25l_gt11-0xxx pavilion_gaming_tg01-0xxx envy_15z-ee100 pavilion_gaming_17-cd2xxx pavilion_gaming_15-dk2xxx pavilion_gaming_15-dk0xxx pavikion_16t-a000 omen_15t-dg000 spectre_x360_14-ea0xxx envy_x360_15m-es0xxx omen_gaming_16-c0xxx envy_x360_15-ee1xxx envy_x360_15-es1xxx pavilion_gaming_16-a0xxx pavilion_gaming_17-cd0xxx omen_15z-en000 pavilion_gaming_15-ec0xxx OMEN Gaming Hub and HP Command Center

Matching Score-8

Assigner-HP Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.83% / 73.54%

7 Day CHG~0.00%

Published-21 Nov, 2022 | 21:29

Updated-29 Apr, 2025 | 16:15

A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.

Vendor-HP Inc.

CWE ID-CWE-269

Improper Privilege Management

CVE-2015-3113

Matching Score-8

Assigner-Adobe Systems Incorporated

Matching Score-8

Assigner-Adobe Systems Incorporated

CVSS Score-9.8||CRITICAL

EPSS-92.58% / 99.73%

7 Day CHG~0.00%

Published-23 Jun, 2015 | 21:00

Updated-30 Jul, 2025 | 01:46

Known KEV||Action Due Date - 2022-05-04||The impacted product is end-of-life and should be disconnected if still in use.

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-39085

Matching Score-8

Assigner-IBM Corporation