| Reporter | Title | Published | Views | Family All 128 |
|---|---|---|---|---|
| CVE-2025-37132 | 16 Oct 202504:20 | – | circl | |
| CVE-2025-37133 | 16 Oct 202504:20 | – | circl | |
| CVE-2025-37134 | 16 Oct 202504:20 | – | circl | |
| CVE-2025-37144 | 14 Oct 202517:16 | – | circl | |
| CVE-2025-37145 | 14 Oct 202517:16 | – | circl | |
| Hewlett Packard Enterprise ArubaOS 安全漏洞 | 14 Oct 202500:00 | – | cnnvd | |
| Hewlett Packard Enterprise ArubaOS 安全漏洞 | 14 Oct 202500:00 | – | cnnvd | |
| HPE Aruba Networking EdgeConnect OS 安全漏洞 | 14 Oct 202500:00 | – | cnnvd | |
| Hewlett Packard Enterprise ArubaOS 安全漏洞 | 14 Oct 202500:00 | – | cnnvd | |
| Hewlett Packard Enterprise ArubaOS 安全漏洞 | 14 Oct 202500:00 | – | cnnvd |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(270710);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/17");
script_cve_id(
"CVE-2025-37132",
"CVE-2025-37133",
"CVE-2025-37134",
"CVE-2025-37135",
"CVE-2025-37136",
"CVE-2025-37137",
"CVE-2025-37138",
"CVE-2025-37139",
"CVE-2025-37140",
"CVE-2025-37141",
"CVE-2025-37142",
"CVE-2025-37143",
"CVE-2025-37144",
"CVE-2025-37145"
);
script_xref(name:"IAVA", value:"2025-A-0774");
script_name(english:"ArubaOS 8.10.x < 8.10.0.19 / 8.12.x < 8.12.0.6 / 8.13.x < 8.13.1.0 / 10.4.x < 10.4.1.9 / 10.7.x < 10.7.2.1 Multiple Vulnerabilities (HPESBNW04957)");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of ArubaOS installed on the remote host is affected by multiple vulnerabilities as referenced in the
HPESBNW04957 advisory:
- An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW
and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an
authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying
operating system. (CVE-2025-37132)
- An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility
Conductor operating system. Successful exploitation could allow an authenticated malicious actor to
execute arbitrary commands as a privileged user on the underlying operating system. (CVE-2025-37133)
- Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8
Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an
authenticated remote malicious actor to delete arbitrary files within the affected system.
(CVE-2025-37135)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04957en_us&docLocale=en_US
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2d0e55b7");
script_set_attribute(attribute:"solution", value:
"Upgrade to the ArubaOS version mentioned in the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-37132");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/10/14");
script_set_attribute(attribute:"patch_publication_date", value:"2025/10/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/17");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:arubanetworks:arubaos");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:arubaos");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("arubaos_installed.nbin", "arubaos_detect.nbin");
script_require_keys("installed_sw/ArubaOS");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var app_info = vcf::aruba::combined_get_app_info(os_flavour:'ArubaOS');
if (!empty_or_null(app_info.ver_model))
audit(AUDIT_INST_VER_NOT_VULN, 'ArubaOS', app_info.version);
var constraints = [
{ 'min_version' : '8.10', 'fixed_version' : '8.10.0.19' },
{ 'min_version' : '8.12', 'fixed_version' : '8.12.0.6'},
{ 'min_version' : '8.13', 'fixed_version' : '8.13.1.0'},
{ 'min_version' : '10.4', 'fixed_version' : '10.4.1.9'},
{ 'min_version' : '10.7', 'fixed_version' : '10.7.2.1' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation