22 matches found
CVE-2025-37133
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system...
EUVD-2025-34433
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
CVE-2025-37142
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
CVE-2025-37144
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
CVE-2025-37136
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...
CVE-2025-37141
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
CVE-2025-37137
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...
CVE-2025-37144 Authenticated Arbitrary File Download Vulnerabilities in a Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
CVE-2025-37143
CVE-2025-37143 describes an authenticated arbitrary file download vulnerability in the web-based management interface of ArubaOS AOS-10 GW and AOS-8 Controller/Mobility Conductor. The Nessus/NASL context links this CVE to multiple HPESBNW04957 entries, indicating affected ArubaOS versions (e.g., ...
EUVD-2025-34435
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
EUVD-2025-34438
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...
CVE-2025-37136
CVE-2025-37136 is an authenticated arbitrary file deletion vulnerability in the CLI of HPE ArubaOS 8 Controller/Mobility Conductor. The issue allows an authenticated remote attacker to delete arbitrary files within the affected system. Connected documents corroborate the issue in ArubaOS: multipl...
PT-2025-41981
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...
CVE-2025-27084 Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal (CP) of an AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-based Management Interface
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting XSS attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the...
CVE-2025-27085 Arbitrary File Download Vulnerabilities in Web-Based Management Interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor
Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device...
CVE-2025-27083 Authenticated Command Injection Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying...
CVE-2025-27083 Authenticated Command Injection Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying...
CVE-2025-27083
CVE-2025-27083 : Authenticated command injection in HPE AOS web-based management interfaces (AOS-10 GW and AOS-8 Controller/Mobility Conductor). The issue allows an authenticated attacker to execute arbitrary commands with elevated privileges on the underlying OS. Affected software/versions are A...
CVE-2025-27082
The CVE-2025-27082 entry concerns an Arbitrary File Write vulnerability in the web-based management interfaces of HPE AOS-10 GW and AOS-8 Controller/Mobility Conductor. Affected component: the web UI backend for AOS-10 GW and AOS-8 Controller/Mobility Conductor. Root cause: ability for an authent...
CVE-2025-27082 Authenticated Remote Code Execution Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...